Remote Code Execution Vulnerability in CoreWCF by CoreWCF
CVE-2026-54772

7.5HIGH

Key Information:

Vendor

Corewcf

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-54772?

An unauthenticated remote attacker can exploit the handling of premature End-of-File (EOF) in CoreWCF's NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoints. This vulnerability can pin a server thread-pool worker at full CPU utilization for every connection made, potentially leading to denial-of-service conditions. The issue has been addressed in versions 1.8.1 and 1.9.1, which mitigate this risk.

Affected Version(s)

CoreWCF >= 1.9.0, < 1.9.1 < 1.9.0, 1.9.1

CoreWCF < 1.8.1 < 1.8.1

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.